SB2026041132 - openEuler 22.03 LTS SP4 update for kernel
Published: April 11, 2026
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Improper Access Control (CVE-ID: CVE-2026-23268)
The vulnerability allows a local user to escalate privileges, modify AppArmor security policies, and cause a denial of service.
The vulnerability exists due to improper access control in the AppArmor policy management interface when handling file descriptor operations. A local user can open the apparmorfs interface and pass the file descriptor to a privileged process, tricking it into performing privileged policy management operations on behalf of the user.
The user must have access to a privileged process that can be manipulated to write to the AppArmor interface. Once exploited, the user can load, replace, or remove AppArmor profiles, leading to removal of confinement, denial of service by blocking application execution, bypassing user namespace restrictions, and potentially enabling local privilege escalation via kernel exploits.
2) Improper control of a resource through its lifetime (CVE-ID: CVE-2026-23290)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in the pegasus USB driver when handling USB endpoints during device probing. A remote attacker can connect a malicious USB device with invalid or unexpected endpoint configurations to cause a denial of service.
Exploitation does not require authentication or user interaction beyond physically connecting the device; however, the attack vector is considered local due to the physical access requirement.
3) Observable discrepancy (CVE-ID: CVE-2026-23364)
The vulnerability allows a local user to obtain sensitive information.
The vulnerability exists due to improper timing handling in the ksmbd component when comparing message authentication codes (MACs). A local user can leverage timing differences during MAC comparison to infer sensitive information.
Exploitation requires local access and the ability to trigger MAC comparisons through the ksmbd subsystem.
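The difference between an early-exit MAC comparison and a constant-time one, as an added userspace example that is not part of the bulletin and not ksmbd's code. The sample MAC, the helper names and the "examined" work counter are constructed for illustration; kernel code would normally call crypto_memneq() instead of a hand-written loop.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAC_LEN 16

/* Constructed sample MAC, not taken from any real session. */
static const uint8_t SAMPLE_MAC[MAC_LEN] = {
    0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x4d, 0xb8, 0x10,
    0x6f, 0xc3, 0x29, 0x84, 0xd5, 0x7e, 0x0b, 0xf6 };

/* Build a guess whose first `prefix` bytes match SAMPLE_MAC. */
static void make_guess(uint8_t *out, size_t prefix)
{
    for (size_t i = 0; i < MAC_LEN; i++)
        out[i] = i < prefix ? SAMPLE_MAC[i] : (uint8_t)(SAMPLE_MAC[i] ^ 0xff);
}

/* memcmp-style check: stops at the first mismatch, so the work done
 * (*examined) grows with the number of correct leading bytes. */
static int leaky_mac_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *examined)
{
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i]) { *examined = i + 1; return 0; }
    *examined = n;
    return 1;
}

/* Constant-time check: always reads all n bytes and folds the
 * differences together, so the work is independent of the data. */
static int ct_mac_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *examined)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    *examined = n;
    return diff == 0;
}

int main(void)
{
    uint8_t guess[MAC_LEN];
    size_t leaky, ct;
    for (size_t prefix = 0; prefix <= MAC_LEN; prefix += 4) {
        make_guess(guess, prefix);
        leaky_mac_equal(SAMPLE_MAC, guess, MAC_LEN, &leaky);
        ct_mac_equal(SAMPLE_MAC, guess, MAC_LEN, &ct);
        printf("prefix=%2zu leaky=%2zu ct=%2zu\n", prefix, leaky, ct);
    }
    return 0;
}
```

A production implementation also has to keep the compiler from reintroducing an early exit, which is one reason to rely on the kernel helper.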
4) Improper resource shutdown or release (CVE-ID: CVE-2026-23401)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper handling of SPTE updates in KVM MMU when installing emulated MMIO SPTEs. A local user can trigger a page fault after host userspace modifies guest memory mappings to switch from memslot to emulated MMIO, leading to an attempt to mark an already present SPTE as MMIO, which results in a kernel warning and potential guest crash. A local user can send a specially crafted request to cause a denial of service.
The issue arises when KVM fails to drop the existing shadow-present SPTE before installing an MMIO SPTE, resulting in inconsistent MMU state and triggering a kernel warning that can crash the guest.
Remediation
Install the update from the vendor's website.